Re: SQL / IIS Application Pool Identity

From: Paul Glavich [MVP - ASP.NET] (glav_at_aspalliance.com-NOSPAM)
Date: 10/17/04

  • Next message: Gaurav Vaish: "Re: Multiple Authentication Modes" 
    Date: Sun, 17 Oct 2004 22:04:15 +1000

    Set the authentication tag in web.config to "windows" (this way it actually
    used windows integrated authentication) and turn off (disable) anonymous
    authentication in IIS management console for that virtual directory. This is
    only for authentication though. simply changing to defined application pool
    user (rigfht click on the app pool in IIS manager and select properties and
    go to the Identity tab). You can select a user to use here, and that context
    will be used to authenticate against SQL database. Note: Once you have
    enabled windows intgrated auth above, disable impersonation in the
    web.config, otherwise the user context/credentials will be used to connect
    to sql, which will obviously be different for each user.

    So,
    - enable windows auth as I mentioned above. This is so the user
    authentication is actually taking place.
    - disable impersonation in the web.config
    - change the user in the Identity tab of the properties of the Application
    pool to use a user you would like to connect to the sql database. Ensure
    that this user has correct access to your virtual directory for your web app
    and any temporary and required system file areas. 

    -- 
- Paul Glavich
Microsoft MVP - ASP.NET
"Colin Bowern" <colinbowern@nospam.indimensions.com> wrote in message
news:%23MGkUMwsEHA.2556@tk2msftngp13.phx.gbl...
> Hi,
>
> I've got an ASP.NET web application which uses Windows security with a SQL
> Server database.  I want to use the application pool identity to make the
> connection to the SQL server database.  If I set the authentication tag to
> None and impersonation to false I get the following:
>
> ===
>
> Event Type: Error
> Event Source: ExceptionManagerPublishedException
> Event Category: None
> Event ID: 0
> Date:  10/15/2004
> Time:  5:54:26 PM
> User:  N/A
> Computer: IPDDFZ0025ATL2
> Description:
>
> General Information
> *********************************************
> Additional Info:
> ExceptionManager.MachineName: (removed)
> ExceptionManager.TimeStamp: 10/15/2004 5:54:26 PM
> ExceptionManager.FullName:
Microsoft.ApplicationBlocks.ExceptionManagement,
> Version=1.0.1746.26470, Culture=neutral, PublicKeyToken=null
> ExceptionManager.AppDomainName:
> /LM/W3SVC/1518623831/Root-12-127423650871912556
> ExceptionManager.ThreadIdentity:
> ExceptionManager.WindowsIdentity: NT AUTHORITY\NETWORK SERVICE
>
> 1) Exception Information
> *********************************************
> Exception Type: System.Data.SqlClient.SqlException
> Errors: System.Data.SqlClient.SqlErrorCollection
> Class: 14
> LineNumber: 0
> Message: Login failed for user '(null)'. Reason: Not associated with a
> trusted SQL Server connection.
> Number: 18452
> Procedure:
> Server:
> State: 1
> Source: .Net SqlClient Data Provider
> TargetSite: System.Data.SqlClient.SqlInternalConnection
> GetConnection(Boolean ByRef)
> HelpLink: NULL
>
> StackTrace Information
> *********************************************
>    at System.Data.SqlClient.ConnectionPool.GetConnection(Boolean&
> isInTransaction)
>    at
>
System.Data.SqlClient.SqlConnectionPoolManager.GetPooledConnection(SqlConnec
tionString
> options, Boolean& isInTransaction)
>    at System.Data.SqlClient.SqlConnection.Open()
>    at InDIMENSIONS.Web.SmartForm.ContactForm.CreateContactRecord(String
> inquiryType, String subject, String message, String name, String
> emailAddress, String ipAddress, String fileName)
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> ===
>
> Given that the app is running under the NETWORK SERVICE identity, would it
> not use that to make the connection?
>
> The application and SQL Server instance are on the same server, Windows
> Server 2003.
>
> The articles I've read on MSDN so far haven't been very clear about this.
> Can someone provide an example or guidance on what I need to set to get
this
> scenario working?
>
> Thanks!
> Colin
>
>
  • Next message: Gaurav Vaish: "Re: Multiple Authentication Modes"

    Relevant Pages

    • RE: Beginners Questions
      ... We do use Windows form on the presentation layer which is on ... terminal server and call web services on the business logic side. ... of using "proxy" authentication on SQL Server. ... > I have written an app with a Windows Forms UI that is deployed to clients ...
      (microsoft.public.dotnet.distributed_apps)
    • Re: Windows Authentication and software in a hosted environment.
      ... What type of authentication are you using for the VPN? ... If you are using something like ISA server then the user is passing windows ... In my experience with hosted DB solutions almost always SQL auth is used. ...
      (microsoft.public.sqlserver.security)
    • Re: Accessing SQL Server w/ Forms on Intranet
      ... Windows Integrated Authentication as that is what our network runs on. ... > of authentication are you using on SQL Server - Windows? ...
      (microsoft.public.dotnet.distributed_apps)
    • Re: Connecting to SQL Without Windows Authentication
      ... Are you connecting to the SQL ... Server via named ... >> I have a Windows 2000 server ... If I connect using SQL Authentication, ...
      (microsoft.public.sqlserver.security)
    • Re: Need help configuring Wireless Connection profile
      ... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
      (microsoft.public.windowsxp.general)